Re: tlug: Spam filter (desperately) want

[Tod McQuillin <devin@example.com>]

On Fri, 19 May 2000, Jonathan Byrne wrote:

> Speaking as an ISP employee and a person who is often on the receiving
> end of misdirected, misguided, and just plain stupid SpamCop spew, it's
> the last thing I want to see anyone involved with.  It's so bad
> that I sometimes use a procmail filter to devnull anything sent
> by SpamCop, because never once have we received from SpamCop
> anything that actually came from here or had anything at all
> to do with this network.

I'm surprised.  Spamcop uses several public databases to track admins
responsible for a given network;  abuse.net, rbl.maps.vix.com, and
relays.orbs.org.  If you're getting Spamcop reports that have nothing to
do with you, perhaps the contact info in these databases is incorrect.

> SpamCop seems to spam the administrators of any domain which
> appears anywhere in the mail, regardless of whether or not they
> had anything to do with it.  Your domain name was forged on the 
> From: header or in the (always bogus) remove instructions?  Tough.
> You still deserve a spam from SpamCop (which, I suppose is why they
> call it that; because it spams innocent sysdadmins).

Sorry, but this is plain wrong.  From: headers are *always*
forged.  Spamcop only uses verifiable Received: headers.

Spamcop does offer the option to send reports to administrators of email
domains referenced in the spam (like in remove instructions), but this
option is turned off by default -- the spamcop user has to specifically
request (by means of a checkbox) this kind of report to be sent.

Also users are offered the option to send reports to administrators of
networks hosting web sites referenced in the spam.

> Plus, those complaint letters are totally useless and nothing but an
> annoyance for the recipients.  They will not put anyone on your
> side.  Abuse departments want to see one thing and one thing only:
> the spam, with the full headers displayed.

Spamcop will not process an email message or send a spam report unless all
headers are intact.  The reports sent consist of a single short paragraph
"This message is short for your comfort, see <url> for more info", and the
complete spam with all headers.

In about 50% of the cases where I use Spamcop, I receive a reply from a
network administrator saying "thanks for your report; we've now deleted
the account used to send this spam."  It's not useless.

> No commentary.  No form letters.  Just the spam.  And only if that
> spam actually came from one of their users, came from or passed
> through their network, or references a domain within their network. If
> it didn't, you basically have no business sending it to them and will
> only annoy them.

Dude, this is what spamcop does.  Honest.

In the case where a forged email address causes an ISP to receive a
Spamcop report in error, the ISP can go to the spamcop web site, and
register there as an "innocent bystander", after which Spamcop will send
them no more reports about the spam referencing their domain.

I'm sorry you've had bad experiences with Spamcop, but as the founder of
an ISP (in 1991) and long time internet network administrator, I do
believe that Spamcop is providing a useful service and running it in a
responsible way.  I stand by my recommendation.
-- 
Tod McQuillin


--------------------------------------------------------------------
Next Nomikai Meeting: June 16 (Fri), 19:00   Tengu TokyoEkiMae
Next Technical Meeting: July 8 (Sat) 13:30   Topic: TBA
--------------------------------------------------------------------
more info: http://www.tlug.gr.jp        Sponsor: Global Online Japan